pool/openjpeg2
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 446992 from home:michel_mno:branches:graphics

Browse Source 
- update to version 2.1.2
  Bug fixes including security fixes among which:
  CVE-2016-8332 CVE-2016-7163
  CVE-2016-5139 CVE-2016-5159
  CVE-2016-5158 (not listed but solved different way)
  Huge amount of critical bugfixes
  Speed improvements
  No API/ABI break compared to v2.1.1/v2.1
- some doc files now have '.md' suffix (like README.md)
- CVE-2016-5152 with new 0018-tcd_get_decoded_tile_size.patch

This openjpeg2 is solution to avoid ppc64 build error
of graphics/ ImageMagick for TW.
But this openjpeg2 version do not build on openSUSE 13.1
because cmake 2.8 do not support "target_compile_options"
Do we still have to build for openSUSE 13.1 ?

OBS-URL: https://build.opensuse.org/request/show/446992
OBS-URL: https://build.opensuse.org/package/show/graphics/openjpeg2?expand=0&rev=25
This commit is contained in:
Ismail Dönmez 2016-12-19 09:58:53 +00:00 committed by Git OBS Bridge
parent 82a3f0cb76
commit 22f0cbcc82
5 changed files with 86 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
0018-tcd_get_decoded_tile_size.patch Normal file
View File

@ -0,0 +1,61 @@
---
src/lib/openjp2/j2k.c | 4 ++++
src/lib/openjp2/tcd.c | 16 ++++++++++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
Index: openjpeg-2.1.2/src/lib/openjp2/j2k.c
===================================================================
--- openjpeg-2.1.2.orig/src/lib/openjp2/j2k.c
+++ openjpeg-2.1.2/src/lib/openjp2/j2k.c
@@ -8097,6 +8097,10 @@ OPJ_BOOL opj_j2k_read_tile_header(
*p_tile_index = p_j2k->m_current_tile_number;
*p_go_on = OPJ_TRUE;
*p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
+ if (*p_data_size == (OPJ_UINT32)-1) {
+ return OPJ_FALSE;
+ }
+
*p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
*p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
*p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
Index: openjpeg-2.1.2/src/lib/openjp2/tcd.c
===================================================================
--- openjpeg-2.1.2.orig/src/lib/openjp2/tcd.c
+++ openjpeg-2.1.2/src/lib/openjp2/tcd.c
@@ -1154,6 +1154,7 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
opj_tcd_tilecomp_t * l_tile_comp = 00;
opj_tcd_resolution_t * l_res = 00;
OPJ_UINT32 l_size_comp, l_remaining;
+ OPJ_UINT32 l_temp;
l_tile_comp = p_tcd->tcd_image->tiles->comps;
l_img_comp = p_tcd->image->comps;
@@ -1171,7 +1172,18 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
}
l_res = l_tile_comp->resolutions + l_tile_comp->minimum_num_resolutions - 1;
- l_data_size += l_size_comp * (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0));
+ l_temp = (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0)); /* x1*y1 can't overflow */
+
+ if (l_size_comp && ((OPJ_UINT32)-1) / l_size_comp < l_temp) {
+ return (OPJ_UINT32)-1;
+ }
+ l_temp *= l_size_comp;
+
+ if (l_temp > ((OPJ_UINT32)-1) - l_data_size) {
+ return (OPJ_UINT32)-1;
+ }
+ l_data_size += l_temp;
+
++l_img_comp;
++l_tile_comp;
}
@@ -1366,7 +1378,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_
OPJ_UINT32 l_stride, l_width,l_height;
l_data_size = opj_tcd_get_decoded_tile_size(p_tcd);
- if (l_data_size > p_dest_length) {
+ if (l_data_size == (OPJ_UINT32)-1 || l_data_size > p_dest_length) {
return OPJ_FALSE;
}

3
openjpeg-2.1.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1232bb814fd88d8ed314c94f0bfebb03de8559583a33abbe8c64ef3fc0a8ff03
size 1789675

3
openjpeg-2.1.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7
size 1987071

14
openjpeg2.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Dec 19 08:42:02 UTC 2016 - normand@linux.vnet.ibm.com
- update to version 2.1.2
Bug fixes including security fixes among which:
CVE-2016-8332 CVE-2016-7163
CVE-2016-5139 CVE-2016-5159
CVE-2016-5158 (not listed but solved different way)
Huge amount of critical bugfixes
Speed improvements
No API/ABI break compared to v2.1.1/v2.1
- some doc files now have '.md' suffix (like README.md)
- CVE-2016-5152 with new 0018-tcd_get_decoded_tile_size.patch
-------------------------------------------------------------------
Tue Dec 8 15:13:03 UTC 2015 - p.drouand@gmail.com

11
openjpeg2.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package openjpeg2
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@
%define library_name libopenjp2-7
%define base_version 2.1
Name: openjpeg2
Version: %{base_version}.0
Version: %{base_version}.2
Release: 0
Summary: Opensource JPEG 2000 Codec Implementation
License: BSD-2-Clause
@ -36,6 +36,10 @@ BuildRequires: pkgconfig(libpng)
BuildRequires: pkgconfig(libtiff-4)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# CVE-2016-5152 is
# https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
Patch1: 0018-tcd_get_decoded_tile_size.patch
%description
The OpenJPEG library is an open-source JPEG 2000 codec written in C language.
It has been developed in order to promote the use of JPEG 2000, the new
@ -76,6 +80,7 @@ sed -i 's|^HTML_TIMESTAMP[ =].*$|HTML_TIMESTAMP = NO|' doc/Doxyfile.dox.cmake.in
for d in thirdparty/*; do
[ -d "$d" ] && rm -rf "$d"
done
%patch1 -p1
%build
%cmake \
@ -114,7 +119,7 @@ rm -rf %{buildroot}%{_datadir}/doc
%files
%defattr(-,root,root,-)
%doc AUTHORS CHANGES NEWS LICENSE README THANKS
%doc AUTHORS.md CHANGELOG.md NEWS.md LICENSE README.md THANKS.md
%{_bindir}/opj_*
%{_mandir}/man1/opj_*.1%{ext_man}